xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Validate screenshot URLs server- and client-side

Browse Source
This commit is contained in:
Frank Tovar
2026-01-29 01:39:23 +01:00
parent 480c2a6e49
commit 5b62640b76
3 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Endpoints/EndpointHelpers.cs
View File

@@ -34,6 +34,16 @@ internal static class EndpointHelpers
? t[..Math.Min(t.Length, max)]
: null;
public static bool IsValidImageUrl(string? url)
{
if (string.IsNullOrWhiteSpace(url)) return true; // empty is acceptable
if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return false;
if (uri.Scheme is not ("http" or "https")) return false;
var path = uri.AbsolutePath.ToLowerInvariant();
return path.EndsWith(".png") || path.EndsWith(".jpg") || path.EndsWith(".jpeg")
|| path.EndsWith(".gif") || path.EndsWith(".webp") || path.EndsWith(".avif");
}
public static async Task<bool> IsAdmin(HttpContext ctx, AppDbContext db, IConfiguration config)
{
var player = await GetAuthenticatedPlayer(ctx, db);

10
Endpoints/SuggestEndpoints.cs
View File

@@ -51,6 +51,11 @@ public static class SuggestEndpoints
return Results.BadRequest(new { error = "Name is required and must be <= 100 characters." });
}
if (!EndpointHelpers.IsValidImageUrl(request.ScreenshotUrl))
{
return Results.BadRequest(new { error = "Screenshot URL must be http(s) and end with an image file extension." });
}
var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
if (player is null) return Results.Unauthorized();
@@ -118,6 +123,11 @@ public static class SuggestEndpoints
return Results.BadRequest(new { error = "Name is required and must be <= 100 characters." });
}
if (!EndpointHelpers.IsValidImageUrl(request.ScreenshotUrl))
{
return Results.BadRequest(new { error = "Screenshot URL must be http(s) and end with an image file extension." });
}
var suggestion = await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id);
if (suggestion == null) return Results.NotFound(new { error = "Suggestion not found." });